<?php
//Set up the system
require('config.include.php');
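//Authentication gate. NOTE(review): confirm auth.include.php halts unauthenticated requests before any of the page below runs.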
require('auth.include.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit A User</title>
<link rel="stylesheet" href="admin.css" />
</head>

<body>
<div id="wrapper">
	<div id="header">
    	<?php
		// Breadcrumb trail: site root, then Dashboard, then this page.
		// NOTE(review): SITE_TITLE is written into the page without HTML escaping;
		// confirm it is a trusted, markup-safe value set in the site configuration.
		echo '<a href="../" class="breadcrumb">', SITE_TITLE, '</a>',
			' &raquo; <a href="dashboard.php" class="breadcrumb">Dashboard</a>',
			' &raquo; <a href="edituser.php" class="breadcrumb">Edit A User</a>';
		?>
    </div>
    <div id="sidebar">
<?php
	require('nav.include.php');
?>
    </div>
    <div id="content">
        <div class="contentblock">
<?php
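	// Edit-user page logic.
	//   - no "userid" in the request: list every user as a link to its edit form
	//   - "userid" and "edit" present: validate the submitted fields, check the
	//     old password, then update the username (and optionally the password)
	//   - on any validation failure (or first visit), re-display the form
	$printform=false;

	// Read request values once. Anything that is not a plain string (for example
	// an array sent as userid[]=x) is treated as missing, so it can never reach
	// md5(), the query builder or the HTML output in an unexpected type.
	$userid=(isset($_REQUEST['userid']) && is_string($_REQUEST['userid'])) ? $_REQUEST['userid'] : null;
	$new_username=(isset($_POST['newusername']) && is_string($_POST['newusername'])) ? $_POST['newusername'] : '';
	$old_password=(isset($_POST['oldpassword']) && is_string($_POST['oldpassword'])) ? $_POST['oldpassword'] : '';
	$new_password=(isset($_POST['newpassword']) && is_string($_POST['newpassword'])) ? $_POST['newpassword'] : '';
	$confirm_password=(isset($_POST['confirmnewpassword']) && is_string($_POST['confirmnewpassword'])) ? $_POST['confirmnewpassword'] : '';

	if($userid===null) {
		echo('<h2>Which user would you like to edit?</h2>');
		$users=$_p->tb_users->select('true');
		if(count($users)>0) {
			echo('<ul>');
			foreach($users as $row_id=>$row_data) {
				// The row id goes into a URL inside an attribute: URL-encode it so an
				// unexpected key cannot break out of the href. Usernames are HTML-escaped.
				echo('<li><a href="edituser.php?userid='.rawurlencode($row_id).'&amp;edit"><strong>'.htmlentities($row_data['username'],ENT_QUOTES,"UTF-8").'</strong></a></li>');
			}
			echo('</ul>');
		}
		else {
			echo('There are no users.');
		}
	}
	elseif(isset($_REQUEST['edit'])) {
		if($new_username!=='' && $old_password!=='') {
			$uid=$_p->tb_users->firstMatchingId('%%ID%%==\''.fetch::qEscape($userid).'\'');
			if($uid!==false) {
				$stored_hash=$_p->tb_users->getFieldValue($userid,'hash');
				// Strict comparison: with loose "==" two different digests that both look
				// like numbers (e.g. "0e..." strings) compare equal, which would accept a
				// wrong password. Prefer hash_equals() where the runtime provides it.
				// NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
				// password_hash()/password_verify() also requires changing the code that
				// creates and checks hashes elsewhere, so it is flagged here, not changed.
				if(is_string($stored_hash) && md5($old_password)===$stored_hash) {
					// \z anchors at the true end of the string; "$" would also accept a
					// username with a trailing newline.
					if(preg_match('/^[a-zA-Z0-9_-]+\z/', $new_username)) {
						if($new_password==='') {
							// No new password supplied: rename only.
							echo('<h2>Edited User</h2>
							<a href="edituser.php">Return</a>');
							$_p->edit_user($userid,array('username'=>$new_username));
						}
						elseif($new_password===$confirm_password) {
							echo('<h2>Edited User</h2>
							<a href="edituser.php">Return</a>');
							$_p->edit_user($userid,array('username'=>$new_username,'hash'=>md5($new_password)));
						}
						else {
							echo('<h2 class="red">Error</h2>
							New passwords do not match<br />');
							$printform=true;
						}
					}
					else {
						echo('<h2 class="red">Error</h2>
						Usernames may only contain letters, numbers, dashes and underscores<br />');
						$printform=true;
					}
				}
				else {
					echo('<h2 class="red">Error</h2>
					Old password is incorrect<br />');
					$printform=true;
				}
			}
			else {
				echo('<h2 class="red">Error</h2>
				The user does not exist<br />');
				$printform=true;
			}
		}
		elseif(isset($_POST['edituser'])) {
			echo('<h2 class="red">Error</h2>
			Please fill out all the required fields<br />');
			$printform=true;
		}
		else {
			$printform=true;
		}
	}

	if($printform) {
	// Both values written into the form are HTML-escaped. The userid comes straight
	// from the request, so echoing it raw would allow markup injection through the
	// hidden field's value attribute.
	// NOTE(review): the form carries no anti-CSRF token; the required old password
	// limits forged submissions, but confirm that is the intended protection.
	echo('
    	<form action="edituser.php" method="post">
		<h2>Username*</h2>
		<input type="text" class="full" name="newusername" value="'.htmlentities($_p->tb_users->getFieldValue($userid,'username'),ENT_QUOTES,"UTF-8").'"/>
		<h2>Old Password*</h2>
		<input type="password" class="full" name="oldpassword" value=""/>
		<h2>New Password</h2>
		<input type="password" class="full" name="newpassword" value=""/>
		<h2>Confirm New Password</h2>
		<input type="password" class="full" name="confirmnewpassword" value=""/>
		<input type="hidden" name="edit" value=""/>
		<input type="hidden" name="userid" value="'.htmlentities($userid,ENT_QUOTES,"UTF-8").'"/>
		<br/><br/><input type="submit" name="edituser" value="Edit User" />
        </form>
		*required
	');
	}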

?>
		</div>
    </div>
    <div id="footer">
    </div>
</div>
</body>
</html>